New Scam Targeting Chrome Users!

Mar 16, 2017

The scam appears as a seemingly valid pop up from Chrome. This occurs when users utilize search engines or links on social media to visit compromised, legitimate WordPress websites that contain injected code. Due to poor website protection, hackers are able to place the injected code within the site, modifying the text rendering. This causes the font to appear as mis-encoded text and random characters. The pop up warns the user that "The 'Hoefler Text' font wasn't found," and then provides an upgrade, Chrome_Font.exe, to fix the outdated Chrome pack, as shown below:

Usually, this warning sign indicates the file is malicious. If the user ignores the warning and executes the downloaded file, either a Trojan will be installed or Spora, a type of ransomware, will infect the computer.

Always make sure to look before you click since few antivirus programs can detect this type of malware! If you know what version of chrome you are using, check it against what the pop up says you're running. The pop up has the version of Chrome hardcoded as version 53. Check the filename of the download and compare it with what the pop up says should be the filename. The download's name will be hrome_Fontv7.5.1.exe, not Chrome_Font.exe.

Chrome does use Hoefler Text, although it's not used very often, and scammers try to take advantage of this with this scam. Be aware that Chrome's font pack already has every font you need, so there is no reason for Chrome to prompt you to download a missing one. If a font is missing, Chrome will automatically choose a different font to display instead.